cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Reset Password AppKey-Token Clean-up

IPA
10-Marble
10-Marble

Reset Password AppKey-Token Clean-up

Hi,

 

my question is concerning the built-in "Reset Password" mechanism that is available through the Form Login page of an Organization. Every time a user resets her password a new application key ("<username>resetToken") is created.

 

Question: Does this application key continue to exist forever on the platform or is there some built-in mechanism (e.g. scheduler) that automatically deletes these resetToken-appkeys?

5 REPLIES 5
supandey
19-Tanzanite
(To:IPA)

Hi @IPA since it expires after a certain period, my understanding is that it gets cleaned up automatically i.e. if it has expired.

 

Is there any specific use case around this topic? Are you observing something odd?

IPA
10-Marble
10-Marble
(To:supandey)

Hi @supandey, you mean that there is some sort of internal scheduler that checks if the app keys has expired and if yes, it deletes them (and i mean completely delete the app key entity)? I did not see this happening.

 

The use case is that if users start resetting their passwords and the reset tokens are not cleaned up the platform will eventually get full of expired, not needed app keys, which of course require disk space. I do not think this is a good practice..

supandey
19-Tanzanite
(To:IPA)

Expired token is deleted, whenever the next time user attempts to reset password for the associated account. So it should not stack up bunch of expired tokens.

supandey
19-Tanzanite
(To:IPA)


@IPA wrote:

...I did not see this happening.

 


By that do you mean, you do not see them getting deleted and there are bunch of expired appkeys listed for that user? 

IPA
10-Marble
10-Marble
(To:supandey)

I mean that if there are 1000 users that have reset their password I will then have 1000 reset app keys lying around on the platform.

Announcements